This article introduces the SANS SEC575 mobile 'App Report Cards' project and provides details on some of the analysis techniques used to scrutinize Android mobile applications (or apps) when searching for security vulnerabilities and exploitation opportunities. It also offers suggestions for app developers to implement the desired security features, including some code examples and references. The corresponding SANS webcast by the author Raul Siles is available to watch here:
The mobile 'App Report Cards' project is a scoring and reporting system, distributed as Microsoft Excel spreadsheets in the form of card templates, for a consistent and thorough security analysis and evaluation of Android and iOS mobile applications. Although the two most common mobile platforms worldwide, Android and iOS, are both part of the project, this article does not cover the iOS mobile report card and focuses on some relevant Android checks.